Analyzing the WRCCDC PCAPs : Part 3 Analysis using TrisulNSM
In this article we show screenshots and a video of how you might analyze the imported PCAP dumps using Trisul.
This is Part 3 of a 3-part series:
- Part 3: Screenshots & video of analysis paths (using TrisulNSM)
Now let's see some screenshots that will give you an idea of where to start.
Video showing UI navigations
A sample video made by one of our engineers showing the analysis paths.
Monitoring Techniques
Here are a few screenshots of the dataset showing the monitoring and baseline-building techniques described in Part 1 of this series.
Start from PCAP Summary Dashboard
Hosts Dashboard
Get an overview of flow activity
Viewing IDS Alerts
Retro Analysis - view advanced counters
Here we are seeing the JA3 TLS fingerprints.
Drilldown techniques
Explore flows
Trisul EDGE: graph analytics to discover relationships
File Extraction
Drilldown to Packets
File extraction
DOCKER:unpl:root savedfiles$ ls /tmp/savedfiles/*.exe -l
-rw-r--r-- 1 trisul trisul   287392 May 11 12:52 /tmp/savedfiles/00_00_f91a_10.128.0.201__PsGetsid.exe
-rw-r--r-- 1 trisul trisul   287392 May 11 12:52 /tmp/savedfiles/00_00_fb80_10.128.0.201__PsGetsid.exe
-rw-r--r-- 1 trisul trisul 12582912 May 11 12:52 /tmp/savedfiles/00_01_dbcf_10.150.0.70__chocolate_debug.exe
-rw-r--r-- 1 trisul trisul 42846720 May 11 12:52 /tmp/savedfiles/00_01_df63_10.150.0.70__chocolate_debug.exe
DOCKER:unpl:root savedfiles$
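The listing shows the same PsGetsid.exe extracted twice (two flows from 10.128.0.201, identical size) and two chocolate_debug.exe files of different sizes from 10.150.0.70, so a natural next step is to hash the extracted files, collapse exact duplicates, and confirm which ones are really PE executables before spending analyst time on them. The script below is an added example and is not part of the original page or of Trisul itself. It assumes the filename layout seen in the listing (`seq_seq_flowid_srcip__originalname`), which is inferred from the listing rather than a documented convention, and it builds a small constructed sample directory so it runs offline.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Assumed layout of extracted file names, inferred from the listing above:
#   <seq>_<seq>_<flowhex>_<src-ip>__<original-name>
# This is an assumption made for the example, not a documented Trisul convention.
NAME_RE = re.compile(
    r"^(?P<a>[0-9a-f]+)_(?P<b>[0-9a-f]+)_(?P<flow>[0-9a-f]+)_(?P<host>[0-9.]+)__(?P<name>.+)$"
)


def parse_saved_name(filename):
    """Split an extracted file name into flow id, source host and original name."""
    m = NAME_RE.match(filename)
    return m.groupdict() if m else None


def sha256_file(path):
    """Stream the file through SHA-256 so large extractions do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe(path):
    """Cheap check that the extension is not lying: PE/EXE files start with 'MZ'."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"


def triage_saved_files(directory):
    """Group extracted files by content hash and summarise each unique file.

    Returns a list of dicts sorted with the most-duplicated files first, so the
    analyst sees one row per distinct payload instead of one per flow.
    """
    by_hash = defaultdict(list)
    for fn in sorted(os.listdir(directory)):
        path = os.path.join(directory, fn)
        if not os.path.isfile(path):
            continue
        meta = parse_saved_name(fn) or {"name": fn, "host": None, "flow": None}
        by_hash[sha256_file(path)].append({
            "file": fn,
            "size": os.path.getsize(path),
            "host": meta["host"],
            "flow": meta["flow"],
            "name": meta["name"],
            "pe": is_pe(path),
        })

    report = []
    for digest, entries in by_hash.items():
        report.append({
            "sha256": digest,
            "size": entries[0]["size"],
            "pe": entries[0]["pe"],
            "copies": len(entries),
            "hosts": sorted({e["host"] for e in entries if e["host"]}),
            "names": sorted({e["name"] for e in entries}),
            "files": [e["file"] for e in entries],
        })
    report.sort(key=lambda r: (-r["copies"], r["sha256"]))
    return report


def make_demo_dir():
    """Constructed sample data: two byte-identical PsGetsid.exe copies from
    different flows (as in the listing) plus one file that is not a PE."""
    d = tempfile.mkdtemp(prefix="savedfiles_")
    pe_blob = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 200
    for fn in ("00_00_f91a_10.128.0.201__PsGetsid.exe",
               "00_00_fb80_10.128.0.201__PsGetsid.exe"):
        with open(os.path.join(d, fn), "wb") as f:
            f.write(pe_blob)
    with open(os.path.join(d, "00_01_dbcf_10.150.0.70__notes.txt"), "wb") as f:
        f.write(b"not an executable\n")
    return d


if __name__ == "__main__":
    # Point this at /tmp/savedfiles on a real Trisul host instead of the demo dir.
    for r in triage_saved_files(make_demo_dir()):
        print(r["sha256"][:16], r["size"], "PE" if r["pe"] else "--",
              r["copies"], r["hosts"], r["names"])
```

Once the duplicates are collapsed, the remaining SHA-256 values are what you would look up against a known-good software inventory or a threat-intel feed; two extractions of the same original name with different sizes, as with chocolate_debug.exe above, are worth keeping as separate rows because one may be a truncated transfer rather than a second version.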
offline/wrccdc_pcaps_results.1526147886.txt.gz · Last modified: 2018/05/12 23:28 by veera